Secure your app with 2FA. Rob Allen ~ April 2017
|
|
- Gabriella Watts
- 5 years ago
- Views:
Transcription
1 Secure your app with 2FA Rob Allen ~ April 2017
2 Your users' passwords will be leaked (It might not even be your fault)
3 Passwords have leaked from Sony Zappos JP Morgan Gap Facebook Twitter ebay AT&T Adobe Target Blizzard TalkTalk Evernote Yahoo! Steam Ubisoft Kickstarter Home Depot TK Maxx Vodafone HP AOL Citigroup WorldPay Gmail last.fm Apple SnapChat Ubuntu D&B Formspring Betfair
4 It will take 14 minutes* to crack one of your users' passwords *English word, stored using bcrypt
5 Two-factor authentication protects your users
6 What is 2FA?
7 Implementation on a website
8 Implementation on a website
9 How do we send the code?
10 Used by Steam Wide adoption (everyone has an address!) Likely failures: delivery problems, blocking, spam etc Usually slow! Same system as recover password
11 SMS Used by Twitter & LinkedIn Wide adoption But, SMS can be delayed & could cost to receive
12 Physical device Used by banks, YubiKey, Blizzard, etc Small, long battery life But: expensive
13 App Easy to use No Internet or cellular connection required App is free and trusted
14 One Time Password algorithms
15 HOTP HMAC-based One-Time Password algorithm Computed from shared secret and counter New code each time you press the button RFC 4226
16 HOTP algorithm: step 1
17 HOTP algorithm: step 2
18 HOTP algorithm: step 3
19 HOTP in PHP 1 function hotp($secret, $counter) 2 { 3 $bin_counter = pack('j*', $counter); 4 $hash = hash_hmac('sha1', $bin_counter, $secret, true); 5 6 $offset = ord($hash[19]) & 0xf; 7 8 $bin_code = 9 ((ord($hash[$offset+0]) & 0x7f) << 24 ) 10 ((ord($hash[$offset+1]) & 0xff) << 16 ) 11 ((ord($hash[$offset+2]) & 0xff) << 8 ) 12 (ord($hash[$offset+3]) & 0xff); return $bin_code % pow(10, 6); 15 }
20 Validation process If the user's code matches, then increment counter by 1 If the user's code does not match, then look-ahead a little Resync if can't find in look-ahead: 1. Ask the user for two consecutive codes 2. Look ahead further from last known counter until the 2 codes are found 3. Limit look-ahead to minimise attack area. e.g. 400
21 TOTP Time-based One-Time Password algorithm Computed from shared secret and current time Increases in 30 second intervals RFC 6238
22 TOTP Algorithm
23 TOTP in PHP 1 function totp($secret) 2 { 3 $counter = floor(time() / 30); 4 5 return hotp($secret, $counter); 6 }
24 Implementing 2FA in your application
25 Use a library! $composer require sonata-project/google-authenticator Usage: $g = new \Google\Authenticator\GoogleAuthenticator(); // create new secret and QR code $secret = $g->generatesecret(); $qrcode = $g->geturl('rob', 'akrabat.com', $secret); // validation of code $g->checkcode($secret, $_POST['code']);
26 Things to do 1. Registration of Authenticator 2. Check 2FA TOTP code during login
27 Set up 2FA
28 Set up 2FA
29 Set up 2FA
30 Set up 2FA
31 Set up 2FA
32 Set up 2FA: code 1 $app->get('/setup2fa', function () use ($app) { 2 $user = $_SESSION['user']; 3 4 $g = new \Google\Authenticator\GoogleAuthenticator(); 5 $secret = $g->generatesecret(); 6 $qrcodeurl = $g->geturl($user->getusername(), 7 '2fa.dev', $secret); 8 9 $app->flash('secret', $secret); 10 $app->render('setup2fa.twig', [ 11 'user' => $_SESSION['user'], 12 'secret' => $secret, 13 'qrcodeurl' => $qrcodeurl, 14 ]); 15 });
33 Set up 2FA: template 1 <h1>set up 2FA</h1> 2 3 <p>scan this code into Google Authenticator:</p> 4 <img src="{{ qrcodeurl }}"> 5 <p>or enter this code: <tt>{{ secret }}</tt></p> 6 7 <p>enter code from Google Authenticator to confirm:</p> 8 <form method="post" action="/setup2fa"> 9 <div class="form-group"> 10 <input name="code" maxlength="6"> 11 <button type="submit">confirm</button> 12 </div> 13 </form>
34 Set up 2FA
35 Set up 2FA: process submission 1 $app->post('/setup2fa', function () use ($app) { 2 $secret = $app->environment['slim.flash']['secret']; 3 $code = $app->request->post('code'); 4 5 $g = new \Google\Authenticator\GoogleAuthenticator(); 6 if ($g->checkcode($secret, $code)) { 7 /* successful registration: store secret into user's row in db */ 8 9 $app->redirect('/'); 10 } $app->flash('error', 'Failed to confirm code'); 13 $app->redirect('/setup2fa'); 14 });
36 Logging in
37 Logging in
38 Logging in
39 Logging in
40 Logging in
41 Login: 2FA code form 1 <h1>2fa authentication</h1> 2 3 <p>enter the code from Google Authenticator to complete login:</p> 4 5 <form method="post" action="/auth2fa"> 6 <div> 7 <input name="code" maxlength="6"> 8 <button type="submit">submit</button> 9 </div> 10 </form>
42 2FA code
43 Login: process 2FA code 1 $app->post('/auth2fa', function () use ($app) { 2 $user = $_SESSION['user_in_progress']; 3 $secret = $user->getsecret(); 4 $code = $app->request->post('code'); 5 6 $g = new \Google\Authenticator\GoogleAuthenticator(); 7 if ($g->checkcode($secret, $code)) { 8 /* code is valid! */ 9 $_SESSION['user'] = $_SESSION['user_in_progress']; $app->redirect('/'); 12 } $app->flash('error', 'Failed to confirm code'); 15 $app->redirect('/auth2fa'); 16 });
44 Round out solution Prevent brute force attacks Consider adding a "remember this browser" feature Need a solution for a lost/new phone Example project:
45 Hardware OTP: YubiKey
46 Operation 1. Insert YubiKey into USB slot 2. Select input field on form 3. Press button to fill in OTP field 4. Server validates OTP with YubiCloud service
47 Yubikey's OTP
48 Coding it $composer require enygma/yubikey Usage: $v = new \Yubikey\Validate($apiKey, $clientid); $response = $v->check($_post['yubikey_code']); if ($response->success() === true) { // allow into website }
49 That's all there is to it!
50 Thank you! Rob Allen -
Secure your app with 2FA. Rob Allen ~ November 2015
Secure your app with 2FA Rob Allen ~ @akrabat ~ November 2015 Your users' passwords will be leaked (It might not even be your fault) Passwords have leaked from Sony Zappos JP Morgan Gap Facebook Twitter
More informationMulti-Factor Authentication (MFA)
10.10.18 1 Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018 10.10.18 2 Recent Password Hacks PlayStation Network (2011) 77 Million accounts hacked Adobe (2013)
More informationNetIQ Advanced Authentication Framework. OATH Authentication Provider User's Guide. Version 5.1.0
NetIQ Advanced Authentication Framework OATH Authentication Provider User's Guide Version 5.1.0 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 OATH Authenticator Overview
More informationDevice LinkUp Manual. Android
Device LinkUp Manual Android Version 2.0 Release 1.0.0.2587 April 2016 Copyright 2016 iwebgate. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a
More informationOATH-HOTP. Yubico Best Practices Guide. OATH-HOTP: Yubico Best Practices Guide Yubico 2016 Page 1 of 11
OATH-HOTP Yubico Best Practices Guide OATH-HOTP: Yubico Best Practices Guide Yubico 2016 Page 1 of 11 Copyright 2016 Yubico Inc. All rights reserved. Trademarks Disclaimer Yubico and YubiKey are trademarks
More informationTake Control of Your Passwords
Take Control of Your Passwords Joe Kissell Publisher, Take Control Books @joekissell takecontrolbooks.com The Password Problem Passwords are annoying! It s tempting to take the easy way out. There is an
More informationPyOTP Documentation. Release PyOTP contributors
PyOTP Documentation Release 0.0.1 PyOTP contributors Jun 10, 2017 Contents 1 Quick overview of using One Time Passwords on your phone 3 2 Installation 5 3 Usage 7 3.1 Time-based OTPs............................................
More informationDevice LinkUp User Manual OS X
Device LinkUp User Manual OS X Version 2.0 Release 1.0.0.2002 April 2016 Copyright 2016 iwebgate. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in
More informationepct for receiving Offices, Designated Offices and International Authorities
epct for receiving Offices, Designated Offices and International Authorities Getting Started epct version 4.2 1 30-November-2017 Table of Contents Introduction... 3 How to create a WIPO User Account?...
More informationHow to Integrate. REVE Secure 2FA App. with Dashboard.
How to Integrate REVE Secure 2FA App with Dashboard REVE Secure Software Token supports widely deployed mobile platforms like ios, Android, Windows, etc. and uses time-based algorithm to support 2FA. This
More informationAttacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)
Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication) 08 Jun 2017 K-LUG Technical Meeting Rochester, MN Presented by: Vi Grey Independent Security Researcher https://vigrey.com Who
More informationCMS-i First Time Activation User Guide
Download Soft Token Application (ios Application) Download Soft Token Application (Android Application) First Time Activation Soft Token Registration Version : 4.0 Last updated : 22 nd February 2019 alrajhicashbiz24seven
More informationComputer Security 4/12/19
Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers
More informationDUO SECURITY Integration GUIDE
V1.1 2014-06 Feitian Technologies Co.Ltd Website:www.FTsafe.com Categories 1. About This Document... 1 1.1 Audience... 1 1.2 Feedback... 1 1.3 Overview... 1 1.4 Contact... 1 2. Importing OTP Tokens...
More informationDuo Security Enrollment Guide
Duo Security Enrollment Guide Duo's self-enrollment process makes it easy to register your phone and install the Duo Mobile application on your smartphone or tablet. Supported Browsers: Chrome, Firefox,
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationHow to Claim Your GIAC Digital Badge
How to Claim Your GIAC Digital Badge 2019 2. CONTENTS Page # Information 3-8 9-13 Utilizing Your Email Invitation To Claim Your GIAC Digital Badge Claiming Your Digital Badge From Your SANS Account 14-16
More informationTWO-FACTOR AUTHENTICATION Version 1.1.0
TWO-FACTOR AUTHENTICATION Version 1.1.0 User Guide for Magento 1.9 Table of Contents 1..................... The MIT License 2.................... About JetRails 2FA 4................. Installing JetRails
More informationID protocols. Overview. Dan Boneh
ID protocols Overview The Setup sk Alg. G vk vk either public or secret User P (prover) Server V (verifier) no key exchange yes/no Applications: physical world Physical locks: (friend-or-foe) Wireless
More informationYubiKey Personalization Tool. User's Guide
YubiKey Personalization Tool User's Guide Copyright 2016 Yubico Inc. All rights reserved. Trademarks Disclaimer Yubico and YubiKey are registered trademarks of Yubico Inc. All other trademarks are the
More informationBechtel Partner Access User Guide
Bechtel Partner Access User Guide IMPORTANT: For help with this process, please contact the IS&T Service Center or your local IS&T support group: IS&T Service Center Phone: +1-571-392-6767 US Only +1 (800)
More informationOneKey Mobile App USER GUIDE
USER GUIDE Updated in September 2017 All rights reserved. No part of this publication may be produced or transmitted in any form or by any means, including photocopying and recording, without seeking the
More informationProgramming YubiKeys for Okta Adaptive Multi-Factor Authentication
Programming YubiKeys for Okta Adaptive Multi-Factor Authentication April 26, 2016 Programming YubiKeys for Okta Adaptive Multi-Factor Authentication Page 1 of 14 Copyright 2016 Yubico Inc. All rights reserved.
More informationContents. Multi-Factor Authentication Overview. Available MFA Factors
The purpose of this document is to provide National University student Single Sign-On users with instructions for how to configure and use Multi-Factor Authentication. Contents Multi-Factor Authentication
More informationDigital Asset Inventory
asset-inventory-2018.1 The term digital assets refers to personal information that is stored electronically on a computer or an online cloud server account that belongs to an individual. Digital assets
More informationThe specifications and information in this document are subject to change without notice. Companies, names, and data used
AUTHENTICATION The specifications and information in this document are subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. This document
More informationPYTHIA SERVICE BY VIRGIL SECURITY WHITE PAPER
PYTHIA SERVICE WHITEPAPER BY VIRGIL SECURITY WHITE PAPER May 21, 2018 CONTENTS Introduction 2 How does Pythia solve these problems? 3 Are there any other solutions? 4 What is Pythia? 4 How does it work?
More informationQCon - New York. New York 18th June 2012 (June 18th for Americans)
QCon - New York New York 18th June 2012 (June 18th for Americans) 1 John Davies An ageing Über-geek Hardware, Assembler, C, Objective-C, C++, OCCAM, SmallTalk, Java Worked mostly in trading systems, FX
More informationSign in using social media without an EU Login account
EU Login How to authenticate with EU Login EU Login is the entry gate to sign in to different European Commission services and/or other systems. EU Login verifies your identity and allows recovering your
More informationQUICK REFERENCE GUIDE. Managed Network Security Portal Multi-Factor Authentication
QUICK REFERENCE GUIDE Managed Network Security Portal Multi-Factor Authentication January 10, 2019 To protect our customers critical data, Windstream Enterprise has added additional security measures to
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationSOCIAL LOGIN FOR MAGENTO 2 USER GUIDE
1 User Guide Social Login for Magento 2 Extension SOCIAL LOGIN FOR MAGENTO 2 USER GUIDE BSSCOMMERCE 1 2 User Guide Social Login for Magento 2 Extension Contents 1. Social Login for Magento 2 Extension
More informationThe MSU Department of Mathematics "Account Manager" can be used for the following:
MSU Department of Mathematics Account Manager Tutorial Overview The MSU Department of Mathematics "Account Manager" can be used for the following: Change your Math account password Reset a forgotten password
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationINSTRUCTIONS FOR CREATING YOUR FBBE ACCOUNT
INSTRUCTIONS FOR CREATING YOUR FBBE ACCOUNT If you do not already have one, download a Two Factor Authentication (2FA) app from the app store on your smart device. We strongly encourage you to use the
More informationCUSTOMER PORTAL. Custom HTML splashpage Guide
CUSTOMER PORTAL Custom HTML splashpage Guide 1 CUSTOM HTML Custom HTML splash page templates are intended for users who have a good knowledge of HTML, CSS and JavaScript and want to create a splash page
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationHelpdesk Administration Guide Advanced Authentication. Version 5.6
Helpdesk Administration Guide Advanced Authentication Version 5.6 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationBarracuda Security Service User Guide
The Barracuda Email Security Service is a cloud-based email security service that protects both inbound and outbound email against the latest spam, viruses, worms, phishing, and denial of service attacks.
More informationPC-FAX.com Web Customer Center
PC-FAX.com Web Customer Center Web Customer Center is a communication center right in your browser. You can use it anywhere you are. If you are registered by Fax.de, you have received a customer number
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationVodafone Mobile Wi-Fi Monitor. Android Troubleshoot Guide
Vodafone Mobile Wi-Fi Monitor Android Troubleshoot Guide Introduction The Mobile Wi-Fi Monitor app allows the user to monitor the status of his mobile Wi-Fi router. To achieve this, the app must pull the
More information2 Factor Authentication. By Ron Brown
2 Factor Authentication By Ron Brown WHAT WILL THE ATTACKER DO TO YOUR ACCOUNT? Once they access your account they will turn off notifications and change your Password Ransack your InBox for stuff like
More informationSOCIAL LOGIN FOR MAGENTO 2
1 User Guide Social Login for Magento 2 SOCIAL LOGIN FOR MAGENTO 2 USER GUIDE BSS COMMERCE 1 2 User Guide Social Login for Magento 2 Contents 1. Social Login for Magento 2 Extension Overview... 3 2. How
More informationRapidIdentity Mobile Guide
RapidIdentity Mobile Guide Welcome to the RapidIdentity Mobile Component page. The RapidIdentity Mobile guide describes the installation and configuration options for the RapidIdentity Mobile application.
More informationPRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT B
PRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT 800-63B MOTIVATION DATABASE LEAKAGE ADOBE 152,982,479 Encrypted with 3DES ECB Same password == same ciphertext https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
More informationCMS-i First Time Activation User Guide
Download Soft Token Application (ios Application) Download Soft Token Application (Android Application) First Time Activation Soft Token Registration Version : 1.0 Last updated : 25 th July 2018 alrajhicashbiz24seven
More informationBIDMC Multi-Factor Authentication Enrollment Guide Table of Contents
BIDMC Multi-Factor Authentication Enrollment Guide Table of Contents Definitions... 2 Summary... 2 BIDMC Multi-Factor Authentication Enrollment... 3 Common Multi-Factor Authentication Enrollment Issues...
More informationAdministrator's Guide SecureLogin for JIRA
Administrator's Guide SecureLogin for JIRA Add-on Installation Before you begin To install the Secure Login Plugin, you must log-in with JIRA Admin permissions Installing Secure Login via the UPM 1. Click
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 708 data breaches 82 million personal records stolen $3.5 million average cost per breach 4 We have a PASSWORD
More informationNIELSEN API PORTAL USER REGISTRATION GUIDE
NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration
More informationT/Key: Second-Factor Authentication Without Server Secrets
T/Key: Second-Factor Authentication Without Server Secrets Dima Kogan 1, Nathan Manohar 2, Dan Boneh 1 1 Stanford, 2 UCLA Passwords have multiple security issues eavesdropping/key logging phishing password
More informationGetting Started. What is the genuine URL for RHB Now Internet Banking? The genuine URL is Username and Password
Getting Started What is the genuine URL for RHB Now Internet Banking? The genuine URL is https://rhbnow.rhbgroup.com/kh Username and Password What should I do if I've forgotten my Username? Please access
More informationFlorence Blanc-Renaud Senior Software Engineer - Identity Management - Red Hat
TOO BAD... YOUR PASSWORD HAS JUST BEEN STOLEN! DID YOU CONSIDER USING 2FA? Florence Blanc-Renaud (flo@redhat.com) Senior Software Engineer - Identity Management - Red Hat A GOOD PASSWORD: SECURITY THROUGH
More informationLogging Into PaymentNet for the First Time March 2015 Page 1 of 5
Logging Into PaymentNet for the First Time When the ProCard Program Administrator sets up your access to PaymentNet, two (2) emails are sent to you by JP Morgan Commercial Card. One contains the organization
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationAdministrator's Guide SecureLogin for Confluence
Administrator's Guide SecureLogin for Confluence Add-on Installation Before you begin To install the Secure Login Plugin, you must log-in with Confluence Admin permissions Installing Secure Login via the
More informationAuthentication Options
Authentication Options The following options are available to RamsVPN users when authenticating with two-factor authentication. *** Authenticating via web browser is only necessary for enrolling/managing
More informationGetting Started with Duo Security Two-Factor Authentication (2FA)
Getting Started with Duo Security Two-Factor Authentication (2FA) Table of Contents What is Two-Factor Authentication (2FA)?... 1 Why 2FA at Bates College?... 2 2FA Technologies... 3 Duo Protected Resources
More informationMobile Device Management
Mobile Device Management David Roundtree, CISSP Identity & Security Public Sector State & Local Date: April 23, 2013 1 This document is for informational purposes. It is not a commitment to deliver any
More informationDUO Two Factor Authentication (DUO 2FA) User Guide for O365 Applications Login
DUO Two Factor Authentication (DUO 2FA) User Guide for O365 Applications Login Prepared By ITSC Version: 1 Apr 2018 Page 1 Table of Contents 1. About O365 Logon with Duo 2FA... 4 1.1. Prerequisites...
More informationisupplier Portal Registration & Instructions Last Updated: 22-Aug-17 Level 4 - Public INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL
INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS isupplier Portal Registration & Instructions Last Updated: 22-Aug-17 Level 4 - Public Table of Contents 1 New User
More informationICE CLEAR EUROPE DMS GLOBAL ID CREATION USER GUIDE VERSION 1.0
ICE CLEAR EUROPE DMS GLOBAL ID CREATION USER GUIDE VERSION 1.0 August 2017 Date Version Description August 2017 1.0 Initial Draft 1. Single Sign On... 2 2. To register for SSO on the Global ID webpage...
More informationHelpdesk Administration Guide Advanced Authentication. Version 6.0
Helpdesk Administration Guide Advanced Authentication Version 6.0 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government
More informationMulti-Factor Authentication (MFA)
What is it? Multi-Factor Authentication, or MFA, is a process that requires more than one type of authentication to gain access to a program. You have probably seen this with your bank or other secure
More informationqrlogin Developer s Guide Version 1.2
qrlogin Developer s Guide Version 1.2 Table of contents qrlogin. System description 2 How to Embed System on Your Web Source 2 Main Functions 2 Strategy to Embed qrlogin System on Web Source 2 Mode of
More informationProgressive Authentication in ios
Progressive Authentication in ios Genghis Chau, Denis Plotnikov, Edwin Zhang December 12 th, 2014 1 Overview In today s increasingly mobile-centric world, more people are beginning to use their smartphones
More informationImporting Contacts to Hotmail/Outlook Account
Submitted by Jess on Tue, 04/16/2013-08:13 If you are using a web browser to access your Hotmail account, (or MSN account or Live account), you can add your existing contacts or those contacts of your
More informationWorldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System
Your world, Secured 2016 Worldwide Release System Overview Wi-Fi interception system is developed for police operations and searching of information leaks in the office premises, government agencies and
More informationSocial Media Login M2 USER MANUAL MAGEDELIGHT.COM SUPPORT E:
Social Media Login M2 USER MANUAL MAGEDELIGHT.COM SUPPORT E: SUPPORT@MAGEDELIGHT.COM P: +1-(248)-275-1202 License Key After successfully installing the Store Pickup extension on your Magento store, First
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationAre you ready? Important things to remember. Quick Start Guide
Are you ready? Upgrades are coming to online and mobile banking and we want to ensure the process goes smoothly for you. This Quick Start Guide will provide you with step by step instructions on how to
More informationOpenID: From Geek to Chic. Greg Keegstra OpenID Summit Tokyo Dec 1, 2011
OpenID: From Geek to Chic Greg Keegstra OpenID Summit Tokyo Dec 1, 2011 Why OpenID? Time for a poll Who has reused their same password when logging into a new website? Who has forgotten their password
More informationSOCIAL LOGIN USER GUIDE Version 1.0
support@magestore.com sales@magestore.com Phone: +1-415-954-7137 SOCIAL LOGIN USER GUIDE Version 1.0 Table of Contents 1. INTRODUCTION... 3 2. HOW TO USE... 4 2.1. Show Social Login buttons at many positions
More informationAuthentication in the Cloud. Stefan Seelmann
Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources
More informationTwo Factor Authentication
Two-Factor Authentication is a way to provide an extra layer of security when it comes to accessing accounts. It not only requires the logon password, but also a code that ONLY the authorized user has
More informationPasswordstate Mobile Client Manual Click Studios (SA) Pty Ltd
2 Table of Contents Foreword 0 Part I Introduction 3 Part II User Preferences 3 Part III System Settings 4 Part IV Mobile Client Permissions 6 Part V Mobile Client Usage 8 Introduction 1 3 Introduction
More informationMobile Login extension User Manual
extension User Manual Magento 2 allows your customers convenience and security of login through mobile number and OTP. Table of Content 1. Extension Installation Guide 2. Configuration 3. API Settings
More informationConfidence Competence Innovation. Secure Login for Jira. User's Guide
Confidence Competence Innovation Secure Login for Jira User's Guide Target Audience This User's Guide is targeted to JIRA users who are working with our secure log- in solution. Motivation Because the
More informationDefeating the Secrets of OTP Apps
Defeating the Secrets of OTP Apps M.A., M.Sc. Philip Polleit, Friedrich-Alexander-Universität, Erlangen Dr.-Ing., Michael Spreitzenbarth, Friedrich-Alexander-Universität, Erlangen philip@polleit.de 1 //
More informationAtlantic Capital Exchange ACE Secure Browser MAC Quick Start Guide
Atlantic Capital Exchange ACE Secure Browser MAC Quick Start Guide ACE Secure Browser is a user friendly, secure application that protects your company while accessing bank information and services. Early
More informationUser Guide for Client Remote Access. Version 1.2
User Guide for Client Remote Access Version 1.2 Table of Contents PAGE Introduction... 2 Microsoft Multi-Factor Authentication Introduction... 3-4 User Enrollment... 5-8 Accessing Remote Resources Windows
More informationPassword Management. Eugene Davis UAH Information Security Club January 10, 2013
Password Management Eugene Davis UAH Information Security Club January 10, 2013 Password Basics Passwords perform service across a broad range of applications Can act as a way to authenticate a user to
More informationSelfService Portal. Step By Step Documentation. This document will show you how to enroll your user account to the SelfService Portal
SelfService Portal Step By Step Documentation This document will show you how to enroll your user account to the SelfService Portal There are three types of Authentication 1. Security Questions 2. Verification
More informationRemote Support Two-Factor Authentication
Remote Support Two-Factor Authentication 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks are the property
More informationUbiquitous One-Time Password Service Using Generic Authentication Architecture
Ubiquitous One-Time Password Service Using Generic Authentication Architecture Chunhua Chen 1, Chris J. Mitchell 2, and Shaohua Tang 3 1,3 School of Computer Science and Engineering South China University
More informationThe State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington
The State of Privacy in Washington State August 16, 2016 Alex Alben Chief Privacy Officer Washington I. The Global Privacy Environment Snowden Revelations of NSA surveillance International relations EU
More informationMulti-Factor Authentication (MFA)
What is it? Multi-Factor Authentication, or MFA, is a process that requires more than one type of authentication to gain access to a program. You have probably seen this with your bank or other secure
More informationMore than just being signed-in or signed-out. Parul Jain, Architect,
More than just being signed-in or signed-out Parul Jain, Architect, Intuit @ParulJainTweety Why do we care? TRUST & SECURITY EASE OF ACCESS Can t eliminate friction? Delay it Authentication Levels to balance
More informationPersonal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018
Personal Internet Security Basics Dan Ficker Twin Cities DrupalCamp 2018 Overview Security is an aspiration, not a state. Encryption is your friend. Passwords are very important. Make a back-up plan. About
More informationPORTAL REGISTRATION & ACCESS USER S AID
PORTAL REGISTRATION & ACCESS USER S AID These instructions will assist you registering for myrewadseveryday.com, changing your password, secret question or email address, and recovering your password and
More informationLecture 14 Passwords and Authentication
Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Major Portions Courtesy Ryan Cunningham AUTHENTICATION Authentication
More informationBOCI Securities Limited Security Token User Guide (for Securities Account) Content
BOCI Securities Limited Security Token User Guide (for Securities Account) Content I. Activating your BOCI Security Token (P.2-6) II. Login your Online Securities Account with BOCI Security Token (P.7-8)
More informationIn an effort to maintain the safety and integrity of our data and your information, TREK has updated the web site security.
In an effort to maintain the safety and integrity of our data and your information, TREK has updated the web site security. Here s what has changed: The next time you login to EzQuote, after you enter
More informationSecure Authentication
Secure Authentication Two Factor Authentication LDAP Based SSH Keys Mark Gardner UMB Financial Corporation Noor Kreadly Federal Reserve Bank of Kansas City Prerequisites 2 Software Used edirectory 9.0
More informationALAP - AgiLe Authentication Provider
Documentation ALAP - AgiLe Authentication Provider Description of the Agile Authentication Provider (ALAP) Version 0.1, 23.11.2015 Andreas Fitzek andreas.fitzek@egiz.gv.at Summary: This document describes
More informationCloud Frame Quick Start Guide
Cloud Frame Quick Start Guide The product's pictures and UI in this QSG are for reference only, and the product's appearance will vary with each model. Motion Sensor Remote illustration Open the battery
More informationInformation Sharing and User Privacy in the Third-party Identity Management Landscape
Information Sharing and User Privacy in the Third-party Identity Management Landscape Anna Vapen¹, Niklas Carlsson¹, Anirban Mahanti², Nahid Shahmehri¹ ¹Linköping University, Sweden ²NICTA, Australia 2
More information